do not disclose information, show generic error on login page

Conflicts: core/templates/login.php lib/base.php
2015-03-31 14:56:02 +02:00 · 2015-03-31 14:56:02 +02:00 · 8964c5068c
parent 488405d1ec
commit 8964c5068c
2 changed files with 10 additions and 0 deletions
--- a/core/templates/login.php
+++ b/core/templates/login.php
@ -24,6 +24,12 @@ script('core', [
 				<?php p($message); ?><br>
 			</div>
 		<?php endforeach; ?>
+		<?php if (isset($_['internalexception']) && ($_['internalexception'])): ?>
+			<div class="warning">
+				<?php p($l->t('An internal error occured.')); ?><br>
+				<small><?php p($l->t('Please try again or contact your administrator.')); ?></small>
+			</div>
+		<?php endif; ?>
 		<p id="message" class="hidden">
 			<img class="float-spinner" alt=""
 				src="<?php p(\OCP\Util::imagePath('core', 'loading-dark.gif'));?>">
--- a/lib/base.php
+++ b/lib/base.php
@ -957,6 +957,10 @@ class OC {
 			}
 		} catch (\OC\User\LoginException $e) {
 			$messages[] = $e->getMessage();
+		} catch (\Exception $ex) {
+			\OCP\Util::logException('handleLogin', $ex);
+			// do not disclose information. show generic error
+			$error[] = 'internalexception';
 		}

 		OC_Util::displayLoginPage(array_unique($error), $messages);